MiSec Meetup May 2014

We have two guest speakers for April’s meet-up. Jimmy Vo (@jimmyvo) will be presenting on “How To Win Friends and Influence Hackers”. Afterwards, Nick Jacob (@MortiousPrime) will opine on information security, piracy, video gaming, sea shanties, and raising snakes. Don’t miss.

Thursday, May 8th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup April 2014

Our guest speaker “Bob” will be giving a talk on OSINT, and protecting one’s privacy in the age of ubiquitous communication.

Thursday, April 10th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

March Threat Modeling Workshop

Over the past six months, a core group within #misec has been developing a threat modeling approach. We held a small focus group in October to work out the approach. The concepts were presented at GrrCon, BSides Jackson, BSides Columbus, and the local ISSA chapter. With that, we received a lot of feedback and improved the model. We are now ready to hold a larger workshop on threat modeling.

Workshop tickets, free as always, are available here:

Saturday, March 8th, 10 am to 4 pm

R.L. Polk
26533 Evergreen, 9th floor
Southfield, MI 48076

Please meet us at the North Entrance. One of us will show you up stairs.

MiSec Meetup March 2014

March is the quarterly OWASP Detroit meeting and will feature a presentation by Robert Former on embedded encryption.


Robert Former is a security engineer with 20 years of experience in the IT field. Throughout his career, Robert has worked in many aspects of Information Technology and has experience in the design, implementation, and operation of cabling, LAN, WAN, MAN, both traditional and IP telephony, data centers, server systems, and, for the last 9 years, information security and compliance. Robert currently holds the ISC(2) CISSP™, ISACA CISA™, and NSA IAM/IEM certifications. He is employed by Neohapsis, a leading security research and consulting firm based in Chicago, IL, as a Senior Security Consultant. In his spare time, Robert enjoys spending time with his family as well as pursuing photography, sailing and amateur radio.


Encryption is a tricky business in the best of circumstances. Encryption on embedded systems is a minefield of opportunity for poor implementation. This talk will explore some common missteps in crypto implementations on embedded systems focusing on Internet of Things (IoT) and smart meters. Ways of avoiding the common mistakes will be presented and offered up for discussion.

Thursday, March 13th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup February 2014

For February, Zach (@quine) will be presenting on his research into the new BlackBerry smart phones.

No Apology Required: Deconstructing BB10

BB10, BlackBerry’s next generation mobile operating system, is a stark departure from the traditional BlackBerry OS. Like its cousin, TabletOS on the PlayBook, it’s based on QNX and supports numerous frameworks and runtimes (including support for Android), as well as native code — a first for BlackBerry devices. Incidentally, it’s also chock full of peculiar design decisions and strange bits of hackish glue, many of which give rise to vulnerabilities.

In this talk, we will present our objective security analysis of BB10, focusing on the methodology used in assessing this black box system. We will discuss processes used to gain low level access to the system, analyze system internals and firmware, and instrument processes. We will also explore network and application attack surfaces, documented and observed security controls, and findings from our assessment.

Thursday, February 13th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

BSides Columbus

BSides Columbus is coming up and John (@Cranky_JC) is organizing the invasion. The time and place:

When: Monday, January 20th, 2014
Where: Doctors Hospital West, 5100 W Broad St, Columbus, OH 43228

BSides Columbus is being keynoted by Dave Kennedy and Jayson Street. The speaker line-up includes #misec favorites like Steven Aiello, Nick Jacob, Mark Kikta, and Wolf Goerlich. There is no better way to spend a Monday.


Carpool sign-up:

MiSec Meetup January 2014

Ushering in the new year, Steven Fox is presenting on Open Source Intelligence (OSINT) at the first meet-up of 2014.

The Lens of Trust – Investigating Crime with OSINT

Missing persons cases, kidnapping, financial fraud; these are some of the cases investigated with the use of open information sources. Long thought to be a tool of cyber miscreants, Open Source Intelligence (OSINT) is playing an increasingly popular role in gathering indicators of criminal activity, analyzing the data for patterns, and deriving intelligence to supplement traditional investigations.

This session explores a case where the rigor of jurisprudence enabled the use of OSINT to gather evidence for analysis in the courts. Attendees will learn how the rules of evidence were applied to social media findings and how that data was handled and used to solve a criminal mystery.

Steven F. Fox provides security guidance to ensure compliance with Federal standards and requirements as a Senior Security Architecture and Engineering Advisor for the IRS. Fox contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup and the Security and Privacy workgroup. He brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He is a syndicated blogger covering IT Governance, Risk Management and IT-Business fusion topics. He also volunteers his time to the Ponemon Institute and Security BSides Detroit.

Thursday, January 9th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup December 2013

At December’s OWASP Detroit meeting, Jeremy Nielson (@jeremynielson) will present Susie the Useful SOC Puppet: A blue-team bedtime story.

Susie spends her days looking at logs. Lots and lots of logs. But one day Susie discovered there was more to being a SOC puppet than just looking for APT1. Follow Susie and her team of puppets as we cover a couple of real-world attack scenarios and how we can apply our IDS alert findings to securing our vulnerable web applications.

Thursday, December 12th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup November 2013

James Wong is coming to present on his work with Java and cryptography. You can read more here:

Java Cryptography Part 1: Designing a Java Cryptography Header
Java Cryptography Part 2: Encryption and Digital Signatures
Java Cryptography Part 3: Decryption and Verifying Signatures

Steven Fox and J Wolfgang Goerlich will also be doing a lightening talk on creating threat models as a basis for communicating the need for security improvements.

Thursday, November 14th, 7-9 pm
First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup October 2013

This month, OWASP Detroit returns with a night filled with Web application security content. Talks begin at 7:30 pm and run through 9 pm.

Bradley McMahon (@Nullspace): “ORM – let’s make everyone happy”
M (@nerdybeardo): “Password storage sucks!”
Josh Little (@zombietango): “Updates on the OWASP Top 10″

Thursday, October 10th, 7-9 pm
First Center Building
26911 Northwestern Highway
Southfield, MI 48033

Return top

About MichSec.org

We are a collective of Michigan based information security professionals (or maybe just people interested in security) looking to share knowledge and make the world a safer place.